Cryptography-Digest Digest #166, Volume #13      Thu, 16 Nov 00 07:13:00 EST

Contents:
  Re: vote buying... (Paul Rubin)
  WS_FTP is insecure - it supports SSL, but only with 40-bit keys! (Eric Smith)
  Re: New record SNFS factorization (John Savard)
  Re: vote buying... (Eric Smith)
  Re: vote buying... ([EMAIL PROTECTED])
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  ("John A. Malley")
  Re: Anyone done/doing Schneier's self-study cryptanalysis course? ("John A. Malley")
  Re: Q: fast block ciphers ("Scott Fluhrer")
  Hitachi - on what grounds ?? ("kihdip")
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  (Ariel Burbaickij)
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  ("John A. Malley")
  Re: Q: fast block ciphers (Lauri Pesonen)
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  (Ariel Burbaickij)
  Re: vote buying... (Bill Godfrey)
  Re: Big-block cipher, perhaps a new cipher family? (Mok-Kong Shen)
  Re: Hitachi - on what grounds ?? (Mok-Kong Shen)
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  (Richard Heathfield)

----------------------------------------------------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: 15 Nov 2000 20:07:04 -0800

David Schwartz <[EMAIL PROTECTED]> writes:
> > That traceability is bad even if the election officials are honest and
> > the election is fair.  Years later, Sheriff Bubba has worked his way
> > up to being Supreme Dictator Bubba, has the election officials
> > executed and gets the archived code numbers and uses the ballot data
> > to locate everyone who voted against him.
> 
>       Won't work. It'll just give him the code numbers of everyone who voted
> against him. Remember, we were talking about a case where a citizen
> presents his electronic voting receipt to an official.

Nope.  Remember, Bubba already got the receipts from the voters back
when he was still Sheriff and couldn't decode them.  Now he can decode
them and there is hell to pay.

> > The goal of being able to check votes after the election (to detect
> > fraud) is in conflict with the goal of not being able to check the
> > votes (to protect voter secrecy).
> 
>       So long as you need the voter's help to check them, you can easily meet
> both goals.

The whole point of the original Sheriff Bubba scenario was to show
that receipts are bad even if the voter has to help decode it.  I
don't see this as helping.  Maybe there could be some protocol where
all the receipts are public, and the statistics of a signed collection
of votes (signed by the voting machine) can be computed, but nothing
about individual votes can be computed, and the statistics of unsigned
collections can't be computed.  (Otherwise, you could find statistics
of different subsets of the receipts and figure out individual votes
or votes of small groups).  Then the voting machine would spit out
its signed receipt collection as soon as the polls close, and destroy
its signing key immediately afterwards, so Bubba wouldn't be able to
use the key to sign more stuff later (i.e. if the election was honest
in the first place, the receipts couldn't be retroactively misused).

Really though, we're talking about Star Trek solutions to a Babylon 5
problem (I love that description but don't remember who originally
made it).  

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: WS_FTP is insecure - it supports SSL, but only with 40-bit keys!
Date: 15 Nov 2000 20:37:11 -0800

I've been trying to find an FTP client for Windows that supports SSL,
and tried WS_FTP from Ipswitch.  It's inexpensive, and they provide
a time-limited demo.

I'm very glad that they provided the demo.  If I'd paid money for it
I'd demand a refund.  I found out the hard way that they support
*only* 40-bit ciphers.  I inquired of their technical support,
expecting perhaps to be told that I needed an expensive SGC certificate
in order to use secure crypto.  To my surprise they said that they
don't support it at all.

Although the product seems to be quite good in other respects, I have
to recommend *against* it for anyone who actually is concerned about
security.

Eric Smith

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: New record SNFS factorization
Date: Thu, 16 Nov 2000 04:59:27 GMT

On 15 Nov 2000 19:58:23 GMT, [EMAIL PROTECTED] (Bill Unruh) wrote,
in part:
>In <[EMAIL PROTECTED]> "Herman J.J. te Riele" <[EMAIL PROTECTED]> writes:

>]``The Cabal'' announces the completion, on November 14, 2000,
>]of the factorization with the Special Number Field Sieve (SNFS)
>]of the 233-digit Cunningham number 2,773+ = 2^773 + 1 into the product
>]of 3, 533371 and three primes of 55, 71, and 102 digits, respectively.
>]This establishes a new record for the Special Number Field Sieve SNFS.

>Well, I would not call this factoring a 233 digit number, maybe a 227
>digit number. Those factors of 3 and 533371 are trivial.

Because the particular 233-digit number being factored was chosen for
its mathematical interest, you have been criticized for going as far
as saying that the announcement was "overplaying" the achievement.

This, of course, doesn't contradict the specific motivation behind
your concern: as far as the direct applicability of this to attacks on
RSA, one might even consider only the largest two factors, and note
this implies that a 173-digit modulus is insecure.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: 15 Nov 2000 21:16:18 -0800

"Kristopher Johnson" <[EMAIL PROTECTED]> writes:
> "Your vote" is not something you own; it is a privilege granted to you by
> the government,

In the United States, voting is not a privilege granted by the
government.  It is a right held by the people.  The Federal government
has no power to restrict it, and the States have only a small amount of
power to restrict it.  The states had more power in this regard before
the ratifications of the 14th, 15th, 19th, 24th, and 26th amendments.

In general in the United States the government does not have the
power to grant privileges.  Any time you hear about them doing so,
you should immediately be suspicious that they're exceeding their
authority.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: vote buying...
Date: Thu, 16 Nov 2000 05:41:11 GMT

In article <8utp40$5pe$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (David Wagner) wrote:
> Paul Rubin  wrote:
> >[EMAIL PROTECTED] (David Wagner) writes:
> >> That's not quite true.  The great thing about our voting system is that
> >> it's easy to check up on how they're operating.  You can stand at the
> >> polling place all day and make sure they always put all ballots in the
> >> locked box.  You can go watch the hand count.  You can volunteer to help.
> >
> >As we're seeing in Florida, this is nowhere near enough, especially
> >with absentee ballots.  But even with the ballots cast in person,
> >there are all sorts of reports of boxes of them disappearing and/or
> >turning up later in strange places; locked boxes apparently containing
> >ballots being opened and turning out to contain only voting supplies
> >like crayons; bags of ballots being mysteriously unsealed while locked
> >up; etc.  Plus there's also the issue of enforcement on voting day.
> >Apparently large numbers of voters were turned away from the polls
> >without being allowed to cast provisional (disputed) ballots and
> >without being given any documents saying they had been turned away.
> >It's a real mess.

Maybe the level of scrutiny is not high enough from the political
parties. In Australia, we can have electoral results as close as 10
votes and there is still a high degree of confidence in the results.
Sometimes there might be one recount (for the whole seat, not just
parts of it), but you don't hear it drag on and on.

As for missing ballot boxes and tampered boxes, I've never heard of it
happening. One thing, in Australia, federal elections are conducted by
a federal authority, the Australian Electoral Commission. The states
conduct their own elections, but cannot make laws regarding federal
elections.

One thing that I do find interesting about the Presidential election
system is the lack of preferential voting. Gore would have clearly won
Florida if the many voters who voted for Nader could have voted Gore 2nd
preference. I suspect quite a number of other states which ended up
voting for Bush would have been Gore states as well. Billy boy wouldn't
have won '92, as many Perot voters may have voted Republican if he wasn't
around.

Preferential voting removes the problem of punching the wrong place. If
you have to state your preference for all candidates standing, then
opportunity for confusion is more limited.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 
Date: Wed, 15 Nov 2000 22:45:11 -0800

Ariel Burbaickij wrote:
> 
> In case anyone should .Give me a notice please . I have a question about his
> way of arguing about
> distribution of prime numbers.
> 
> Regards.

M.R.Schroeder's book "Number Theory in Science and Communication", Third
Edition, Springer, ISBN 3-540-62006-0?

Yes, I have a copy of that book.

Sounds like you question something in Chapter 4, "The Distribution of
Primes."

What struck you as questionable about his derivations?


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Anyone done/doing Schneier's self-study cryptanalysis course?
Date: Wed, 15 Nov 2000 22:47:22 -0800

I am as well.

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Q: fast block ciphers
Date: Wed, 15 Nov 2000 22:55:05 -0800


David Schwartz <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Lauri Pesonen wrote:
>
> > I seem to remember hearing from someone that blowfish is relatively
> > fast. Any faster block ciphers out there?
>
> The last time I compared speeds of encryption algorithms (on Pentium
> hardware) RC4 was the fastest. I don't recall exactly which ciphers I
> compared, but I know blowfish, DES, and RC2 were in there.

Umm, the OP asked for a block cipher.  I do believe that RC4 is normally
considered a stream cipher...

--
poncho

------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Hitachi - on what grounds ??
Date: Thu, 16 Nov 2000 08:42:04 +0100

I just read this passage from an article concerning the choice of AES at
http://www.nwfusion.com/news/2000/1016apps.html :

"Another issue is that Hitachi last spring exerted patent
claims over the four other algorithms (MARS, RC6,
Serpent and Twofish). The government wants AES to
be public-domain technology, and given that it was
stuck in a situation of fighting Hitachi over the four
algorithms, NIST decided to choose Rijndael, Viega
says."

I haven't followed the discussion (there must have been one here?) and
wondered on what grounds Hitachi could claim patent right over the four
algorithms ??
With IBM, RSA and Counterpane as the direct 'inventors', how could Hitachi
come up with this foolish patent idea ??

Kim

------------------------------

From: Ariel Burbaickij <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 
Date: Thu, 16 Nov 2000 08:50:47 +0100



"John A. Malley" wrote:
> 
> Ariel Burbaickij wrote:
> >
> > In case anyone should .Give me a notice please . I have a question about his
> > way of arguing about
> > distribution of prime numbers.
> >
> > Regards.
> 
> M.R.Schroeder's book "Number Theory in Science and Communication", Third
> Edition, Springer, ISBN 3-540-62006-0?
> 
> Yes, I have a copy of that book.
> 
> Sounds like you question something in Chapter 4, "The Distribution of
> Primes."
> 
> What struck you as questionable about his derivations?
  
  The next step after representation of the multiplication series as
  a summation series (by taking the logarithmus naturalis, surely). It was
  crystal-clear, surely. The very next step after the mentioned one is the
  step I do not understand. What exactly has he done ?

Regards


> 
> John A. Malley
> [EMAIL PROTECTED]

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 
Date: Thu, 16 Nov 2000 00:35:59 -0800


Ariel Burbaickij wrote:
[snip]
> >
> > Sounds like you question something in Chapter 4, "The Distribution of
> > Primes."
> >
> > What struck you as questionable about his derivations?
> 
>   The next step after representation of the multiplication series as
>   a summation series (by taking the logarithmus naturalis, surely). It was
>   crystal-clear, surely. The very next step after the mentioned one is the
>   step I do not understand. What exactly has he done ?
> 

Between Equation 4.2 and 4.3 on page 39 the author expands the r.h.s. of
Equation 4.2 using the summation series equivalent to the natural
logarithm of a quantity a: 

ln(a) = (a - 1) - 1/2( a - 1)^2 + 1/3( a - 1)^3 - 1/4( a - 1)^4 + .... 
where -1 < a < 1

So if we plug in for a the value of  (1 - 1/p^i), (and note here the
author uses i as a superscript to indicate the ith prime that is less than
or equal to some summation limit value x) we get the series expansion of
the ln( 1 - 1/p^i) on the r.h.s. of 4.2 as

ln( 1 - 1/p^i) =  -1/p^i  - 1/2( -1/p^i)^2  + 1/3( -1/p^i) ^3 - 1/4(
-1/p^i)^4 + ....

Next, if we ignore the higher order terms in the expansion (which is a
reasonable assumption when the ith prime p^i is getting large, as i
tends to infinity, those higher order terms quickly tend to zero) 

we get the author's approximate equivalent to the ln( W(x)) as Equation
4.3,
                    ___
ln( W(x) ) approx = \    - 1/p^i  
                    /__
                    p^i < x


Hope this helps,

John A. Malley
[EMAIL PROTECTED]
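[Added example, not part of Malley's post or of Schroeder's book: a
numerical check of the step between Eq. 4.2 and Eq. 4.3. It assumes, from
the r.h.s. quoted above, that W(x) is the product of (1 - 1/p) over the
primes p below x; the book's own definition is not restated on this page.
The expansion used is ln(1 - u) = -(u + u^2/2 + u^3/3 + ...), which
converges for -1 <= u < 1 and so for u = 1/p with every prime p.  The
functions make the size of the dropped higher-order terms visible, rather
than taking "they tend to zero" on trust.]

```python
"""Numerical check of the truncation between Eq. 4.2 and Eq. 4.3.

Added example (not from the post or the book).  With
    W(x) = prod_{p < x} (1 - 1/p)          (assumed from the post's r.h.s.)
it compares
    ln W(x) = sum_p ln(1 - 1/p)                               (exact)
            = sum_p [ -1/p - 1/(2 p^2) - 1/(3 p^3) - ... ]    (series)
with the first-order truncation  -sum_p 1/p  of Eq. 4.3.
"""
import math


def primes_below(x):
    """Sieve of Eratosthenes: all primes p < x, in increasing order."""
    if x <= 2:
        return []
    flags = bytearray([1]) * x
    flags[0] = flags[1] = 0
    for i in range(2, math.isqrt(x) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(range(i * i, x, i)))
    return [i for i, f in enumerate(flags) if f]


def log_w_exact(x):
    """ln W(x) computed directly as sum of ln(1 - 1/p); log1p keeps precision."""
    return sum(math.log1p(-1.0 / p) for p in primes_below(x))


def log_w_series(x, terms):
    """ln W(x) from the expansion ln(1 - u) = -(u + u^2/2 + u^3/3 + ...),
    u = 1/p, keeping the first `terms` terms for every prime.
    terms=1 is exactly the right-hand side of Eq. 4.3."""
    total = 0.0
    for p in primes_below(x):
        u = 1.0 / p
        total -= sum(u ** k / k for k in range(1, terms + 1))
    return total


def truncation_error(x):
    """Eq. 4.3 minus the exact value, i.e. the sum of every dropped term,
    sum_p sum_{k>=2} 1/(k p^k).  It is positive and converges as x grows
    (numerically to about 0.3157), so Eq. 4.3 is off by a bounded constant,
    which does not affect how ln W(x) grows with x."""
    return log_w_series(x, 1) - log_w_exact(x)


def per_prime_dropped(p):
    """Dropped terms for one prime: -1/p - ln(1 - 1/p).  About 0.193 for
    p = 2 but about 5e-5 for p = 97, which is why only the first few
    primes contribute noticeably to truncation_error()."""
    return -1.0 / p - math.log1p(-1.0 / p)
</```>

The point to take from running it: the neglected terms do shrink fast
per prime, but their total does not vanish; it settles at a constant of
about 0.32, almost all of it from p = 2, 3 and 5.  That is harmless for
the growth argument in the chapter, and it is exactly the kind of thing
worth checking numerically before reusing an "approximately equal" from
a derivation in code that sizes parameters.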

------------------------------

From: Lauri Pesonen <[EMAIL PROTECTED]>
Subject: Re: Q: fast block ciphers
Date: 16 Nov 2000 11:36:52 +0200

Doug Kuhlman <[EMAIL PROTECTED]> writes:

> It's hard to beat Rijndael, the new AES.  Low memory load and fast. 
> Probably your best bet...at least as a starting point.

Many others suggested Rijndael as well. I think I'll look into it first. 

> Doug
> 
> P.S.  For real advice, I'd consult something (someone) a bit higher
> profile than a newsgroup.  You'll find some good advice but some
> snake-oil, too.

I'm planning on consulting other people as well. This was just an initial
poll to see what's out there. 

I thank you all for your answers, they were very helpful. Especially
Stefan Lucks's comments about RKEP. 

Actually, depending on the other remote keying protocols suggested by Lucks, 
I might be looking for a stream cipher rather than a block cipher, in which 
case RC4 might be the right choice...

-- 
  Lauri

------------------------------

From: Ariel Burbaickij <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 
Date: Thu, 16 Nov 2000 10:38:17 +0100



"John A. Malley" wrote:
> 
> Ariel Burbaickij wrote:
> [snip]
> > >
> > > Sounds like you question something in Chapter 4, "The Distribution of
> > > Primes."
> > >
> > > What struck you as questionable about his derivations?
> >
> >   The next step after representation of the multiplication series as
> >   a summation series (by taking the logarithmus naturalis, surely). It was
> >   crystal-clear, surely. The very next step after the mentioned one is the
> >   step I do not understand. What exactly has he done ?
> >
> 
One of the quickest answers I ever got, and surprisingly clear.
Thank you.
The only question left is the motivation for substituting a with
1 - 1/p^i: is it just "another name" for a, or were deeper reasons
present for changing a to 1 - 1/p^i ? If the latter holds true,
how has the author chosen this term and why ? What is r.h.s.?
I am not well acquainted with English mathematical terminology.
Regular harmonic series or something other ?

Regards 
> Between Equation 4.2 and 4.3 on page 39 the author expands the r.h.s. of
> Equation 4.2 using the summation series equivalent to the natural
> logarithm of a quantity a:
> 
> ln(a) = (a - 1) - 1/2( a - 1)^2 + 1/3( a - 1)^3 - 1/4( a - 1)^4 + ....
> where -1 < a < 1
> 
> So if we plug in for a the value of  (1 - 1/p^i), (and note here the
> author uses i as a superscript to indicate the ith prime that less than
> or equal to some summation limit value x) we get the series expansion of
> the ln( 1 - 1/p^i) on the r.h.s. of 4.2 as
> 
> ln( 1 - 1/p^i) =  -1/p^i  - 1/2( -1/p^i)^2  + 1/3( -1/p^i) ^3 - 1/4(
> -1/p^i)^4 + ....
> 
> Next, if we ignore the higher order terms in the expansion (which is a
> reasonable assumption when the ith prime p^i is getting large, as i
> tends to infinity, those higher order terms quickly tend to zero)
> 
> we get the author's approximate equivalent to the ln( W(x)) as Equation
> 4.3,
>                     ___
> ln( W(x) ) approx = \    - 1/p^i
>                     /__
>                     p^i < x
> 
> Hope this helps,
> 
> John A. Malley
> [EMAIL PROTECTED]

------------------------------

From: Bill Godfrey <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: 16 Nov 2000 11:18:54 +0000
Reply-To: [EMAIL PROTECTED]

Paul Rubin <[EMAIL PROTECTED]> writes:

> essential component of democracy.  You don't want Sheriff Bubba to be
> able pull you over and say "Boy, I'm gonna bust your ass unless you
> get in that booth and vote for Chief Sluggo, and bring back the
> receipt to show you done it".  That also means that even if you took

(In the context of a computer assisted polling station. The computer
would print the voter's choice in an OCR-able way onto paper, and
then print a receipt, which the voter can keep or destroy.)

How about, after the real receipt has been printed, offer the voter
the chance to print a fake receipt to show they voted for someone
else.

The real receipt would have a sort of SHA hash...
SHA256(time_of_day+polling_station_id+candidate+secret)

The secret would only be known to the election officials, so they
(and only they) can check if a receipt is real.

Fake receipts would look identical to real receipts, but instead of 
a SHA hash, it would have random hex digits.

Anyway, is there a more appropriate group for this sort of
discussion?

Bill, prefers paper and pen.
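[Added example, not part of Bill Godfrey's post: the real/fake receipt
scheme above in working code. Two departures from the post are
assumptions of this example, not his: the secret is used as the key of
HMAC-SHA256 over the same fields rather than appended to the hashed
string, and the fields are length-prefixed before hashing so two
different field splits cannot produce the same input. The field names,
the station id format and the demo secret are invented for illustration.]

```python
"""Keyed receipt tags with indistinguishable decoy receipts.

Added example illustrating the scheme in the post; it is not the poster's
code.  Assumptions, stated in the lead-in: HMAC-SHA256 keyed with the
officials' secret instead of SHA256(fields + secret); length-prefixed
fields.  A receipt shows its fields in clear plus a 64-hex-digit tag.  A
fake receipt carries 64 random hex digits, so without the secret the two
are indistinguishable; with the secret, official_verify tells them apart.
"""
import hashlib
import hmac
import secrets

TAG_HEX_LEN = 64  # SHA-256 output, hex encoded

# Constructed demo secret; a real one would be random and held only by officials.
SECRET = b"constructed-demo-secret-held-by-election-officials"


def _encode(fields):
    """Length-prefix each field so the concatenation is unambiguous."""
    out = b""
    for f in fields:
        raw = f.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def real_tag(secret, time_of_day, station_id, candidate):
    """Tag that only someone holding `secret` can produce or check."""
    msg = _encode([time_of_day, station_id, candidate])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def fake_tag():
    """Random hex digits with the same length and alphabet as a real tag."""
    return secrets.token_hex(TAG_HEX_LEN // 2)


def make_receipt(time_of_day, station_id, candidate, tag):
    return {"time": time_of_day, "station": station_id,
            "candidate": candidate, "tag": tag}


def official_verify(secret, receipt):
    """Officials recompute the tag; the constant-time compare avoids
    leaking how many leading characters of a guess matched."""
    expected = real_tag(secret, receipt["time"], receipt["station"],
                        receipt["candidate"])
    return hmac.compare_digest(expected, receipt["tag"])


def looks_well_formed(receipt):
    """All a coercer without the secret can check: the tag's shape."""
    tag = receipt["tag"]
    return len(tag) == TAG_HEX_LEN and all(c in "0123456789abcdef" for c in tag)


def demo():
    """A voter who chose Candidate A prints a real receipt and a decoy
    claiming Candidate B.  Returns (real, fake)."""
    when, station = "14:02:17", "station-0042"
    real = make_receipt(when, station, "Candidate A",
                        real_tag(SECRET, when, station, "Candidate A"))
    fake = make_receipt(when, station, "Candidate B", fake_tag())
    return real, fake
```

What the code makes concrete: the only thing separating a real receipt
from a decoy is the officials' secret, so the scheme is exactly as
strong as the custody of that one key. That is the objection raised
earlier in the thread: anyone who obtains the secret later can verify
every receipt that was ever handed out.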

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Big-block cipher, perhaps a new cipher family?
Date: Thu, 16 Nov 2000 12:37:37 +0100



Manuel Pancorbo wrote:
> 

> Let's consider a fast stream cipher which reach full diffusion in the 'n'
> ciphered unit and let's take it to cipher a big block (packet) with 'N'
> units and N >> n, by means of a key 'K'. After this forward encryption the
> state is reset to the initial key 'K' and a *backward* encryption is
> performed on the packet. So:

It is not clear in your description how the 'diffusion' is
achieved through stream encryption. A stream cipher encrpyts
each 'unit' independent of the other. The 'state' of the
cipher changes with each unit, but this is generally 
independent of the content of the plaintext unit being
processed. So there is no 'interaction' between the units.
If you do stream encryption in the forward and then in
the backward direction, you are just doing a (special)
multiple encryption (superencipherment) with stream
techniques.

You can also use any common block cipher to do chaining 
in the forward direction and, after having processed the 
whole file, do a second encryption pass in the backward 
direction. (This is a known method of forcing the opponent 
to process the whole file, as also mentioned previously in
several threads of the group.) In fact, the block cipher 
is doing 'stream' encryption here if you look on the block 
as a single 'unit' of the 'stream'.

M. K. Shen
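[Added example, not part of Shen's post: the forward-then-backward
chaining he describes in his second paragraph, written out so the
diffusion can be measured. The block cipher is a constructed stand-in
(a 4-round Feistel network with a SHA-256 round function), chosen only
so the example runs with the standard library; it is not a cipher
anyone should deploy, and the fixed key, IV and plaintext are made up
for the demo. Reusing one IV for both passes is a simplification for
brevity.]

```python
"""Forward-then-backward CBC chaining: why a change anywhere in the
plaintext reaches every ciphertext block.

Added example, not from the post.  Compares
  * one forward CBC pass: a change in plaintext block i alters ciphertext
    blocks i..N-1 only (nothing flows backwards), with
  * a forward pass followed by a backward pass over its output: a change
    anywhere alters every ciphertext block, so the whole packet has to
    be processed to recover anything.
The block cipher below is a toy stand-in built from SHA-256 (assumption).
"""
import hashlib

BLOCK = 16   # bytes per block
ROUNDS = 4


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, r, half):
    """Keyed round function: first 8 bytes of SHA-256(key || round || half)."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def block_encrypt(key, blk):
    L, R = blk[:8], blk[8:]
    for r in range(ROUNDS):
        L, R = R, _xor(L, _round(key, r, R))
    return L + R


def block_decrypt(key, blk):
    L, R = blk[:8], blk[8:]
    for r in reversed(range(ROUNDS)):
        L, R = _xor(R, _round(key, r, L)), L
    return L + R


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data length must be a multiple of BLOCK")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key, iv, data, backward=False):
    """CBC over the blocks; backward=True chains from the last block first."""
    blocks = _blocks(data)
    out, prev = [], iv
    for p in (reversed(blocks) if backward else blocks):
        c = block_encrypt(key, _xor(p, prev))
        out.append(c)
        prev = c
    if backward:
        out.reverse()
    return b"".join(out)


def cbc_decrypt(key, iv, data, backward=False):
    blocks = _blocks(data)
    out, prev = [], iv
    for c in (reversed(blocks) if backward else blocks):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    if backward:
        out.reverse()
    return b"".join(out)


def two_pass_encrypt(key, iv, data):
    return cbc_encrypt(key, iv, cbc_encrypt(key, iv, data), backward=True)


def two_pass_decrypt(key, iv, data):
    return cbc_decrypt(key, iv, cbc_decrypt(key, iv, data, backward=True))


def changed_blocks(key, iv, data, flip_byte, two_pass):
    """Indices of ciphertext blocks that differ after flipping one plaintext bit."""
    enc = two_pass_encrypt if two_pass else cbc_encrypt
    c1 = enc(key, iv, data)
    mutated = bytearray(data)
    mutated[flip_byte] ^= 0x01
    c2 = enc(key, iv, bytes(mutated))
    return [i for i, (a, b) in enumerate(zip(_blocks(c1), _blocks(c2))) if a != b]


# Constructed demo inputs: fixed key and IV (not secret) and 8 blocks of plaintext.
KEY = b"constructed-demo-key-not-secret!"
IV = bytes(BLOCK)
DATA = bytes(range(8 * BLOCK))
```

Flipping a bit in the last plaintext block changes only the last
ciphertext block after a single forward pass, but all eight blocks
after the forward-plus-backward pair; the backward pass is what carries
the change to the front of the packet. The same two-pass structure
works with any real block cipher in place of the toy one.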

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Hitachi - on what grounds ??
Date: Thu, 16 Nov 2000 12:37:45 +0100



kihdip wrote:
> 
> I just read this passage from an article concerning the choice of AES at
> http://www.nwfusion.com/news/2000/1016apps.html :
> 
> "Another issue is that Hitachi last spring exerted patent
> claims over the four other algorithms (MARS, RC6,
> Serpent and Twofish). The government wants AES to
> be public-domain technology, and given that it was
> stuck in a situation of fighting Hitachi over the four
> algorithms, NIST decided to choose Rijndael, Viega
> says."
> 
> I havn't followed the discussion (there must have been one here?) and
> wondered on what grounds Hitachi could claim patent right over the four
> algorithms ??
> With IBM, RSA and Counterpane as the direct 'inventors', how could Hitachi
> come up with this foolish patent idea ??

There were previously discussions in the group on Hitachi's 
patent issue. No definite information/result came out of 
that. I wonder why the other candidates of AES are deemed 
to violate the patent, while Rijndael's ShiftRow, where a 
cyclic shift is done, does not. Could someone explain that? 
Thanks.

M. K. Shen

------------------------------

Date: Thu, 16 Nov 2000 11:52:48 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 

Ariel Burbaickij wrote:
> 

<snip>

> [w]hat is r.h.s.
> I am not well aquinted with English mathematical terminology.
> Regular harmonic series or something other ?

<grin> Close, but no cigar.

r.h.s. is, quite simply, "right hand side".

Thus, in:

(x + y)(x - y) = x(x - y) + y(x - y)
                 ^^^^^^^^^^^^^^^^^^^
                 this is the r.h.s.

And, of course, the left hand side of the equation is known as the
l.h.s.

HTH. HAND.


<snip>

-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
